Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible impact This issue affects Apache OpenMeetings: from 3.1.3 before 9.0.0. Users are recommended to upgrade to version 9.0.0, which fixes the issue.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NApache Openmeetings
APPApache3.1.3 – 9.0.0 (bez)
Related vulnerabilities
Apache OpenMeetings: deserializacja niezaufanych danych w konfiguracji klastrowej
Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Descri...
Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack.
Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and ...
Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.